Is iShredder DoD 5220.22‑M (Data Erasure Standard) compliant? Do you have a Conformity?

Protectstar Inc., as the manufacturer of the iShredder™ product line, hereby officially declares that all iShredder™ solutions (for Android, iOS, macOS, Windows, and Windows Server) meet the requirements of the DoD 5220.22‑M standard for data erasure. This declaration is intended equally for private end users, business customers, and government agencies. Its goal is to provide both technical details and general explanations to ensure clarity for all audiences.
 

1. Background: What Is the DoD 5220.22‑M Standard?

The DoD 5220.22‑M standard originates from the National Industrial Security Program Operating Manual (NISPOM) of the U.S. Department of Defense (DoD) and was initially published in 1995.
It describes methods for secure data destruction by means of multiple overwriting and is recognized worldwide as a reference for professional data erasure processes.

1. Origin and Purpose

Core Objective: DoD 5220.22‑M aims to overwrite sensitive data to such an extent that neither software tools nor forensic hardware methods can recover remnants of the original information.
Historical Significance: For a long time, this guideline served as a de facto standard for government agencies and companies seeking a reliable, verifiable approach to data destruction.

2. Current Relevance

Newer Guidelines: More recent standards (e.g., NIST SP 800‑88) have replaced or superseded DoD 5220.22‑M in certain areas, as a single correct overwrite is often deemed sufficient today.
Ongoing Demand: Many customers—particularly in the United States—continue to request the DoD method as a familiar reference for secure data erasure.
 

2. Technical Details of the DoD Erasure Algorithm

At the core of the DoD standard is triple overwriting of all addressable storage areas, followed by verification.

1. First Pass – Fixed Bit Pattern (usually 0x00)

• Process: The areas to be erased are initially overwritten uniformly with zeros.
• Purpose: To fully overwrite the original data so that simple recovery methods are ruled out.

2. Second Pass – Complementary Bit Pattern (usually 0xFF)

• Process: The same area is then overwritten again, this time with the logical complement (typically binary ones).
• Purpose: To further reduce any remanence effects (magnetic or electronic traces).

3. Third Pass – Random Bit Pattern

• Process: The final step uses a pseudo-random or, ideally, cryptographically secure random number generator to overwrite the target data with completely random values.
• Purpose: To minimize residual artifacts and repeated patterns so that forensic analysis cannot detect any structural clues pointing to the original data.

4. Verification (Verify)

• Process: After completion of the three passes, a check is performed to ensure that all areas have indeed been overwritten with the latest (e.g., random) bit pattern.
• Purpose: To guarantee that no areas were skipped or partially overwritten.

Note for Less Technical Users:
Imagine you have a handwritten text. First, you use a black marker to make it unreadable, then paint over it with a white marker (the opposite color), and finally splash colorful paint everywhere. Afterward, you check to see if any text is still visible. This is roughly how triple overwriting on storage media works—only done purely digitally, of course.

3. Implementation of the DoD 5220.22‑M Standard in iShredder™

iShredder™ solutions implement the triple overwriting plus verification exactly in accordance with the specifications of DoD 5220.22‑M. Concretely, this means:

1. First Overwrite Cycle

• Process: iShredder™ overwrites all selected data areas with a fixed bit pattern (0x00) or a similarly defined value (e.g., 0x55 in some variants).

2. Second Overwrite Cycle

• Process: iShredder™ overwrites the same areas with the complement of the first pattern (e.g., 0xFF or 0xAA).

3. Third Overwrite Cycle

• Process: iShredder™ generates a random value for each byte of the relevant areas and overwrites them accordingly.
• Security: A cryptographically secure pseudo-random number generator (CSPRNG) is used to ensure high entropy.

4. Erasure Verification (Checksum/Hash)

• Process: iShredder™ can then perform a checksum or hash calculation to verify that all sectors were successfully overwritten without errors.
• Benefit: This ensures and documents that no original data fragments remain.

Additional Features:

• Erasure Report: Upon completion of the erasure processes, iShredder™ generates a detailed Erasure Report showing the method used (e.g., “DoD 5220.22‑M”), the affected files/partitions, and the verification result.
• Extended Algorithms: Some editions also offer DoD 5220.22‑M ECE (7‑pass) as well as other national/international standards (NATO, BSI, Gutmann, etc.). These are mainly for highly critical data. For most use cases, the 3‑pass variant in line with DoD 5220.22‑M is sufficient.

4. Why iShredder™ Complies with the DoD 5220.22‑M Standard

1. Original Methodology

• Compliance: iShredder™ strictly follows the overwrite patterns required by DoD 5220.22‑M (fixed value, complement, random value) and conducts a subsequent verification.

2. Equivalent Security

• Protection: Multiple overwrites with different patterns ensure that even specialized data recovery techniques cannot reconstruct the original data.
• Randomization: Using a secure random generator in the third pass adds another layer of security.

3. Traceable Documentation

• Logging: Every erasure process can be logged. Businesses and government agencies thus receive written evidence that a storage device was sanitized according to the DoD standard.
• Audits and Certifications: Such documentation is often essential for audits or certifications (e.g., ISO 27001).

4. Independent Verifiability

• No Official “DoD Certification”: There is no official certification from the U.S. Department of Defense (the DoD no longer issues specific “DoD certificates” for software solutions). However, iShredder™ can be reviewed by external experts or security labs.
   

5. Note on Formal Certifications

The U.S. Department of Defense does not grant an official seal solely for implementing the DoD 5220.22‑M method. If a provider advertises “DoD-certified data erasure,” it is often misleading because no such certification exists in this specific form.

Important for Less Technical Users: “DoD 5220.22‑M” refers to a data erasure procedure, not an official government test. It is more akin to a recognized “recipe” that each vendor is responsible for implementing correctly.
iShredder™ follows this “recipe” and thus achieves the same level of security promised by “DoD 5220.22‑M.”
 

6. Official Declaration of Conformity

Protectstar™ Inc. hereby formally declares that iShredder™ solutions are compliant with DoD 5220.22‑M.

1. Algorithmic Implementation

• Three-Pass Overwrite: Fixed bit patterns, complement, random values, plus subsequent verification of error-free overwriting.

2. Equivalent Security Effect

• Alignment with DoD Requirements: The chosen approach and implementation meet the requirements set out in DoD 5220.22‑M.

3. Evidence and Transparency

Detailed Erasure Reports: iShredder™ produces detailed logs indicating the exact erasure method and verification results.
Private individuals, government agencies, or organizations with heightened security requirements thus gain a reliable, recognized solution for permanently and irreversibly sanitizing digital storage media.
 

References

• U.S. Department of Defense (DoD): National Industrial Security Program Operating Manual (NISPOM) – DoD 5220.22‑M, first published 1995, older version.
• German Federal Office for Information Security (BSI): “Recommendations on the Deletion and Destruction of Information,” various publications, most recently accessed in 2023.
• NIST Special Publication 800‑88 Rev. 1: Guidelines for Media Sanitization, National Institute of Standards and Technology, 2014.
• Protectstar™ Inc.: iShredder™ Technical Documentation, as of 2025.